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REMARKS 

The Examiner has rejected Claim 13 under 35 U.S.C. 1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. Such rejection is deemed overcome in view of the 
clarifications made to the claims hereinabove. 

The Examiner has rejected Claims 1-15, 19-25, and 27-29 under 35 U.S.C. 102(e) as 
being anticipated by Abraham et al., U.S. Patent No. 5,983,270. Applicant respectfully 
disagrees with this rejection, especially in view of the clarifications made to the claims 
hereinabove. 

Specifically, with respect to Claim I et al., the Examiner relies on the col. 2, lines 31- 
60 and col. 7 from Abraham to meet applicant's claimed "second data processing unit 
adapted to process incoming packets according to one of said plurality of instruction sets." 
In particular, the Examiner points to Abraham's "filter executive" to meet such claim 
language. 

Such, excerpts, however, merely suggest that the "filter executive:" 

w ... provides communication and policy processing between the database 
72 and a filter engine 78 that actually filters the IP packets 
passing through the network server 50* The filter executive 76 loads 
the policies for each user collected by the database 72, optimizes 
them into a set of rules for each user, and provides the optimized 
rules to the filter engine 78. 

The filter engine 78 filters all IP packets passing through the 
network server 50 using the rules for each user provided by the 
filter executive 76. The contents of the IP packets contain the 
information necessary to determine if the IP packets comply with the 
rules in effect. If an IP packet does not comply, the IP packet may 
be discarded by the filter engine 78 and thus, prevented from 
reaching its intended destination. In addition, the filter engine 78 
may log the filtered packet and notify the user of the action taken 
by it." (col. 7, lines 50-67) 

Thus, Abraham's "filter executive" merely generates the rules by which the filter 
engine filters the incoming packets. In sharp contrast, applicant teaches and claims a second 
data processing unit adapted to " process incoming packets according to one of said plurality 
of instruction sets " (emphasis added). Only applicant teaches and claims such a combination 
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of features and components for providing a filtering first data processing unit working in 
conjunction with a second data processing unit that processes the filtered data packets. 



With respect to Claim 1 9 et al., the Examiner relies on the following excerpt from 
Abraham to meet applicant's claimed "assigning a first thread to the first incoming packet if 
said first incoming packet is admitted, wherein said first thread points to a stored policy" and 
"processing the first incoming packet according to said stored policy." 



*FIG. 4 is a block diagram of the component parts of the network 
management program 80 as distributed among the various computers and 
servers connected to the LAN 44 . The GUI 70 of each administrative 
computer 54 and the network server 50 communicate the information and 
policies input by the operators of those computers to the rules and 
logging database 72 located on the network server 50 via the LAN 44. 
These policies are stored and processed by the rules and logging 
database 72, which then passes the user policies along to the filter 
executive 76 along with mapping information for each user. The filter 
executive 76 optimizes the policies into a set of rules for each user 
and passes the rules and user mapping information to the filter 
engine 78. The filter engine 78 filters all outbound IP packets 
transmitted from the LAK 44 to the Internet 40 and verifies all 
inbound IP packets from the Internet 4 0 according to the rules 
provided to, the filter engine 78 by the filter executive 76. As this 
occurs, the naming services manager 74 provides the filter executive 
76 with updated mapping information which the filter executive then 
passes on to the filter engine 78 so that the filter engine begins 
and ceases filtering of IP packets dynamically as users log into and 
out of the LAN 44." (col. 9, lines 43-65) 

However, in such excerpt, there is simply no disclosure, teaching or even suggestion 
of any sort of assigning of a first thread to a first incoming packet if it is not filtered, and then 
processing such specific packet based on a policy that corresponds to such thread. 



Only applicant teaches and claims such a feature for filtering packets and assigning 
admitted packets a thread that has an associated policy to be used to process such specific- 
thread packets. In sharp contrast, Abraham falls short by merely suggesting rule-based 
filtering, not filtering followed by processing that is specifically configured based on a policy 
associated with a thread assigned to packets admitted after filtering. 



To further emphasize this distinction and in the spirit of expediting the prosecution of 
the present application, applicant now claims: 
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"a second data processing unit adapted to process incoming packets according to one 
of said plurality of instruction sets after the filtering* based on a thread assigned to the 
incoming packets by the first data processing unit " (emphasis added - see Claim 1 et 
al.); and 

"determining whether to admit the first incoming packet using filtering : 
assigning a first thread to the first incoming packet if said first incoming packet is 
admitted after the filtering , wherein said first thread points to a stored policy" 
(emphasis added - see Claim 1 9 et al.). 

A notice of allowance or specific prior art showing of such features, in combination 
with the remaining claim elements, is respectfully requested. 

It appears that the Examiner's rejection is further deficient with respect to many of 
applicant's dependent claims. For example, the Examiner relies on col. 7; col. 5, lines 46-67; 
and col. 6, lines 1-4 to meet applicant's claimed: 

"wherein at least one of said policies comprises: 

a first address pointer element for identifying the location in said addressable 
memory unit of one of said plurality of instruction sets, and 

a second address pointer element for identifying the location in said 
addressable memory unit of a state block" (see Claim 4 et al.). 

However, there are simply no first and second address pointers in such excerpts, let 
alone pointer elements associated with policies , where a first pointer element is for 
identifying the location of one of said plurality of instruction sets and a second pointer 
element is for identifying the location of a state block . Again, a notice of allowance or 
specific prior art showing of the speciiic features of all of the dependent claims, in 
combination with the remaining claim elements, is respectfully requested. 

Applicant further brings to the Examiner's attention new Claim 30 which includes 
features that are deemed to be novel over the prior art of record. Just by way of example, 
Claim 30 requires, in addition to the features mentioned above, various other features such as 
an apparatus that includes "a control logic unit coupled to an input and the policy condition 
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table for feeding an arithmetic logic unit, which is in turn coupled to the policy action table 
and the state block for generating an output." 

Thus, all of the independent claims are deemed allowable. By virtue of their 
dependence on such independent claims, all of the remaining claims are further deemed 
allowable. 

Reconsideration is respectfully requested. 

In the event a telephone conversation would expedite the prosecution of this 
application, the Examiner may reach the undersigned at (408) 505-5100. For payment of the 
fees due in connection with the filing of this paper, the Commissioner is authorized to charge 
such fees to Deposit Account No. 50-1351 (Order No. NAI1P069_99. 074.01). 




Registration No. 41,429 



P.O. Box 721120 
San Jose, CA 95172-1120 
Telephone: (408)505-5100 
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